“In this case it seems that Apple’s own hubris has contributed to the scope of the problem as much or more than the malware itself. The threat has been known for months. It has been somewhat common knowledge–at least in security circles–that attacks were being targeted at Mac OS X systems. But, Apple was silent,” says PCWorld.com

“Oracle issued a patch for the underlying Java vulnerability in February. Apple just pushed out an update to address the Java flaw last week–two months later. While Mac users waited for a fix, malware developers continued to target and exploit vulnerable Mac systems. Even if Apple wasn’t ready to issue a patch earlier, it had an obligation to its users to communicate the risk and make users aware of the threat and steps to take to avoid becoming a victim.”

For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. Apple usually distributes information about security issues in its products through this site and the mailing list below.

Mailing list

The Security-Announce mailing list is provided to obtain product security information from Apple.
You can subscribe via http://lists.apple.com/, also available via RSS.